PR decoration reading more lines than in the PR

Good day.

I posted a similar issue some time ago, this is the topic URL

https://community.sonarsource.com/t/pr-decoration-not-reading-new-lines-of-pr/81728/4

and I think I’m getting a similar issue. As you see on images attached, my PR contains less lines that whatever Sonar is analyzing through the PR decoration

Screenshot 2023-03-01 at 11.46.431842×628 75.9 KB

Screenshot 2023-03-01 at 11.46.531654×613 43.9 KB

My branch is older than these changes (these changes were pushed into develop without being analyzed since Sonar implementation has not being pushed yet), but even if I create a new branch off from develop with the new changes and I create a PR with a small change, I’m getting Sonar analyzing all those previous lines.

Last time, the sensor cache was enabled. When I disabled it, I got the PR decoration analyzing just new lines, but this time that’s not working.

Any new ideas? Let me know if you need additional details. I’m using same configurations provided on last post.

Thanks.

Hi,

This sounds like a problem with the detection of new code. Can you post or point us to your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

Hi Ann,

please find attached analysis logs.

Let me know if I need to share anything else.

output_logs.txt (14.3 KB)

Hi,

Here we go:

INFO: SCM Publisher is disabled

Without the collection of SCM data, new code can’t be identified.

You’ll need to find where in your configuration this is disabled and re-enable it.

 
HTH,
Ann

Hi Ann,

According to the documentation you shared, these are the config files I need:

• Other CI-based analysis: sonar-project.properties
• Automatic analysis: .sonarcloud.properties

Does it hurt to have both sonar-project.properties and .sonarcloud.properties ?
I use GitHub Actions for PR Decoration and AWS CodePipeline for complete analysis.

This is my content in .sonarcloud.properties

# Path to sources
sonar.sources=.
sonar.python.version=3.8
sonar.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.coverage.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.cdp.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.test.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.scm.revision=git


#sonar.inclusions=

# Path to tests
#sonar.tests=tests/
#sonar.test.exclusions=
#sonar.test.inclusions=

# Source encoding
#sonar.sourceEncoding=UTF-8

# Exclusions for copy-paste detection
#sonar.cpd.exclusions=

# sonar.projectVersion=3.5.0.2

And this is my content in sonar-project.properties

sonar.projectKey=trip_ninja_api
sonar.organization=trip-ninja-inc-1
sonar.python.version=3.8
sonar.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.coverage.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.cdp.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.test.exclusions=external_services/book/tests/files/**, **/xsd_model/**, **/*airsub.py, **/pnr_retrieve_api.py, **/pnr_retrieve_sub.py, **/*airsup.py, static/**, staticfiles/**, yaml/**, ref_scripts/search_response_structure_v0.4_mini.json, **/*hotelsup.py, **/*hotelsub.py, **/*universalsub.py, **/*universalsup.py
sonar.scm.revision=git
sonar.qualitygate.wait=true


# This is the name and version displayed in the SonarCloud UI.
#sonar.projectName=trip_ninja_api
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
#sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

I think in the UI this is affecting as well…

I will remove the checkbox for disabling the SCM sensor, let me know if I need only sonar-project.properties on my project.

Thanks

Hi,

In the long run, it will be confusing. One is only relevant in an autoscan context, but having it there will confuse people about which file they need to update & which one is really in force.

As a side note (and because I can’t help myself)

This doesn’t actually exclude everything you think it does since ** is the wildcard to exclude 0-n directories. If you want this to work, you need to end your ** patterns with /*. E.G. external_services/book/tests/files/**/*

Typo. Should be sonar.cpd.exclusions

This is intended to allow you to override the sha1 used in analysis results. You probably didn’t intend to do this override with a static value. Git will be (should be) automatically detected as your SCM provider. You can simply remove this.

 
Ann

Good day Ann,

Thank you so much for all the advises given so far.

I’ve done the following steps and so far testing is giving successful results:

• Removed .sonarcloud.properties and both analysis are working (Complete analysis on CodePipeline and PR Decoration with GitHub Actions.

• Removed sonar.scm.revision=git as you suggested on sonar-project.properties

• Disabled SCM sensor on the UI so the PR decoration is working as expected and analyzes only new lines. However, this check aparently needs to be set to true whenever we are executing a complete analysis. I added the parameter in my command on my buildpec.yml to have it enabled whenever a complete analysis is completed (please correct me if I’m wrong on this):

sonar-scanner -Dsonar.organization=$Organization -Dsonar.projectKey=$Project -Dsonar.sources=. -Dsonar.host.url=$HOST -Dsonar.branch.name=$Branch -Dsonar.scm.disabled=true

So far, everything is working as expected. However, this is not being pushed yet, and I have the following questions before I push this code into our CI / CD pipeline.

• My main branch is being set as develop to test these changes. However, our main branches are:

1. staging-vX.X.X (stagingv4.0.1 for example)
2. production

Could you please advise me on how to put the long-lived branch patterns?

Screenshot 2023-03-06 at 9.40.461356×428 19.2 KB

We were wondering if we should create a new project pointing into the same repository but just with the new branches, to avoid confusions between PRs and branches in just one project.

What should be the best practice? Should I open a new post to ask these questions?

I would really appreciate if you could advise here.

Thank you so much for your guidance.
Chris.

Hi Chris,

Don’t do this. Just leave it on always. You’ll get the best results that way.

You probably want something like (production|staging*) or (production|staging-v*)

Yes, please. I’m not really understanding the question, so it would be best to have a new thread to dig into it.

 
HTH,
Ann

Hi Ann,

I will open a new thread for the other question.

Regarding this parameter being set on my command:

If I leave it on always, I get the following error on CodePipeline:

ERROR: Error during SonarScanner execution
981 ERROR: Not inside a Git work tree: /codebuild/output/src287723511/src

I will create the other post and put the link here.

Thank you so much again, Ann.
Chris.

Hi,

Ehm… You should sort this out - in another thread - not just sidestep it.

No need.

 
Ann

Thank Ann.

I’ve created two new posts; one for troubleshooting error on CodePipeline and another one with long-live branch pattern not working.

Regards.
Chris.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.